September 25, 2012

Hacked Twitter Users Are Sending Scam Messages To Fellow Followers

In today's culture, it seems so obvious, so well known that Internet thieves and scams are rampant, and that clicking on anything that sounds suspicious (or anything with an egregious misspelling) is generally a bad idea. This knowledge is so common, in fact, that it's even been the punch line to many sitcom jokes, often created so the wide swath of the population will “get them” and understand.

Yet we regularly see stories about new scams and malware threats, often tucked away in Facebook or Twitter. These threats promise adult or other odd pictures and videos, or promise to make one of these social networks work in a way it never will.

The most recent malicious attack involves 3 of the aforementioned components: a spam message via social network, a promise of a shocking video, and a terrible, awful misspelling. According to the Naked Security blog at Sophos.com, hacked Twitter users are sending Direct Messages (or DMs) to their followers with a link to what looks like a Facebook video. What makes this scam so tricky (that is, unless you aren't easily fooled) is that, according to Twitter rules, only those users who mutually follow one another can send and receive DMs. In other words, these spammy messages are the result of another Twitter user being hacked and sending messages to their followers list.

For some, these messages may appear to come from a concerned friend who just found an alleged Facebook video with the recipient in it. According to some DMs, the recipient isn't aware they're being taped. According to Graham Cluley of Sophos, some of the messages read: “you even see him taping u <link>” or even, “your in this link <link>”.

When the person clicks on this link (something one should never do carelessly), they're taken to what looks like a common video player on Facebook. The white and blue color scheme is there, and rather than starting the video immediately, this page informs the viewer that they need to upgrade their YouTube Player before they can see the content.

If the viewer hasn't noticed every red flag to this point, clicking the link downloads FlashPlayerV10.1.57.108.exe, or Troj/Mdrop-EML. According to Sophos, this is a backdoor Trojan which is capable of copying itself onto any accessible drive or network.

As a side note, the YouTube Player does not reside on your computer and, as such, will never need updating. YouTube simply pushes videos to you, and any upgrades to the player are done on Google's end. Flash updates, on the other hand, are a different ball game.

Since Twitter users cannot send DMs to one another without following one another, any Twitter spam or malicious message can be potentially very dangerous, as it appears to come from a trusted source. Twitter users can be hacked in a number of ways, making themselves and their followers susceptible to the same dangers. Often, a user can be infected by clicking on similar links, and while the link doesn't always download dangerous malware to your computer and enlist you in a botnet, it could begin sending these messages out to your followers.

As a rule of thumb, never click on anything with such a terrible misspelling.